Page Contents
Home > @loopback/security > Subject
Subject interface
Subject represents both security state and operations for a single request. It’s the who for security.
Such operations include: - authentication (login) - authorization (access control) - session access - logout
Signature:
export interface Subject
Properties
| Property | Modifiers | Type | Description |
|---|---|---|---|
| authorities | Set<Permission> | An array of authorities granted by the user to the client application. One example is {@link https://tools.ietf.org/html/rfc6749#section-3.3 | oAuth2 scopes). | |
| credentials | Set<Credential> | An array of credentials, such as password, access token, or private/public keys. | |
| principals | Set<TypedPrincipal> | <p>An array of principals. It can include information about the current user, the client application, and granted authorities.</p><p>Subject represents both security state and operations for a single application user.</p><p>Such operations include: - authentication (login) - authorization (access control) - session access - logout</p> |